With the advent of personal computer use in everyday business transactions, the issue of computer security has become critical. Unsecured personal computers inhibit electronic business (e-business) because users are reluctant, justifiably so, to transmit highly personal and sensitive information to systems which may be vulnerable to intruders or viruses. While many Personal Computer (PC) manufacturers have made individual strides towards increasing security by adding “smart cards” or embedded security chips to their new models, the lack of a concerted effort by the PC industry to develop security technology could prevent this technology from evolving in a consistent and compatible way across manufacturers.
Recognizing this potential risk and the adverse effect it could have on electronic commerce, an open alliance of major PC manufacturers was formed to develop and propose a standard that would adopt hardware and software technologies to strengthen security at the platform level. The open alliance, formerly known as the Trusted Computing Platform Alliance (TCPA) (currently the Trusted Computing Group (TCG), but referred to herein as the TCPA), has proposed a standard including new hardware, BIOS and operating system specifications so that PC manufacturers can provide a more trusted and secure PC platform based on common industry standards, the details of which are provided in the TCPA PC Specific Implementation Specification, 1.00 RC1 (Aug. 16, 2001) (http://www.trustedcomputinggroup.org), hereby incorporated by reference.
A brief discussion of the boot process of a computing system is appropriate here. Computing systems require a basic input/output system (BIOS) in order to operate. The BIOS is code that controls basic hardware operations, such as interactions with disk drives, hard drives and the keyboard.
When a computer resets or is initially powered on, a boot process begins. First, a power-on self test (POST) begins executing. POST is initialization code which configures the system using initialization settings held in storage. Once POST has configured the system, BIOS then controls the basic operation of the hardware as configured by POST. The boot process is complete once control of the system has been handed to an operating system; for this to happen, POST must complete its execution.
POST and BIOS may both be stored as a single flash image in a storage device such as a flash memory. This image may be referred to as the “boot code.” If the flash image of POST and BIOS is corrupted, the boot of the system cannot be completed.
To recover from a defective flash image, a system may include a boot block. A boot block is an area within a flash memory containing code, referred to as the “boot block code,” which includes a segment of code sufficient to bring the computer system up and to read a recovery image from boot media or a bootable device. In other words, the boot block code may be considered a self-contained “miniBIOS” with enough code to read a new BIOS image from boot media or the like. The boot block code may be executed when a computer is powered up or reset.
FIG. 1 is a block diagram illustrating a TCPA computing system 100 in accordance with TCPA standards. As shown, the PC architecture includes a system 10, a platform 20, a motherboard or planar 30, and a trusted building block (TBB) 40. The system 10 includes the platform 20 and all post-boot components 12. Post-boot components 12 may include Initial Program Load (IPL) code 13, an operating system 14 (which comprises the entire entity that performs actions for, or acts on behalf of, a user), drivers 15, services 16, applications 17 and peripherals 18, e.g., display, keyboard. Platform 20 presents information to and receives information from the user. Platform 20 includes motherboard 30 and peripherals 22 attached to motherboard 30. Peripherals 22 may include add-on cards 20, a case 21, a hard disk 23 and a floppy disk 24. Platform 20 may further include a power supply 19.
Motherboard 30 is provided by the manufacturer and includes one or more CPUs 32, a memory 33 and all primary peripheral devices 34, i.e., devices which directly attach to and directly interact with motherboard 30. In addition, motherboard 30 includes all BIOSes 36 (POST BIOS 36 stored in flash memory 42 outside TBB 40), embedded firmware 38 and TBB 40. TBB 40 is the center of the trusted platform, and includes a portion of a flash memory 42 storing a boot block code 50 which includes a Core Root of Trust for Measurement (CRTM) 52. TBB 40 further includes a Trusted Platform Module (TPM) 44, and a trusted connection 46 of CRTM 52 and TPM 44 to motherboard 30.
According to the TCPA specification, CRTM 52 and TPM 44 are the only trusted components on the motherboard 30, i.e., they are presumed secure and isolated from tampering by a third-party vendor or software. Only the authorized platform manufacturer (or an agent thereof) can update or modify the code contained therein. CRTM 52 is the executable component of TBB 40 that gains control of the platform 20 upon a platform reset. Thus, for all types of platform reset, CPU 32 always begins executing CRTM code 52 within boot block code 50. Trust in the platform is rooted in CRTM 52, and trust in all subsequent measurements rests on its integrity: if CRTM 52 itself were altered, nothing later in the chain could detect it.
The basic premise underlying the trusted platform is ensuring that untrusted devices or software have not been loaded onto the system. Trust is established during a pre-boot state that is initiated by a platform reset. The platform reset can be a cold boot (power-on), a hardware reset, or a warm boot, typically caused by user keyboard input. Following a platform reset, CPU 32 executes the platform initialization code of CRTM 52. The chain of trust begins at CRTM 52.
In this architecture, the BIOS includes boot block code 50 and a POST BIOS 36. Boot block code 50 and POST BIOS 36 are independent components, and each can be updated independently of the other. Boot block code 50 is located in a portion of flash memory 42 within TBB 40, while POST BIOS 36 is located in another portion of flash memory 42 outside TBB 40. Thus, while the manufacturer or a third-party supplier may update, modify or maintain POST BIOS 36, only the manufacturer can modify or update boot block code 50.
As stated above, CRTM 52 and TPM 44 are presumptively trusted. Thus, following a platform reset, CRTM 52 in boot block code 50 is executed, and it measures the entity to which it will transfer control, in this case POST BIOS 36. “Measuring an entity” means hashing the code of the entity to produce a digest, which is recorded in a measurement log and extended into a platform configuration register (PCR) 48 in TPM 44. Extending replaces the PCR's contents with the hash of its previous value concatenated with the new digest, so a PCR can only accumulate measurements and can never be set directly to a chosen value. TPM 44 includes a plurality of PCRs 48 (48a-d), a portion of which are designated for the pre-boot environment and referred to collectively as boot PCRs 48a. Each boot PCR 48a is dedicated to collecting specific information related to a particular stage of the boot sequence. For example, one boot PCR 48a (PCR[0]) may store measurements from CRTM 52, POST BIOS 36, and all firmware 38 physically bound to the motherboard 30.
Once POST BIOS 36 has been measured, control is transferred to POST BIOS 36, which then continues to boot the system by ensuring that hardware devices are functional. Once POST BIOS 36 gains control, it is responsible for measuring any entity to which it will transfer control. As POST BIOS 36 progresses through the boot sequence, values in the boot PCRs 48a change whenever an entity is measured.
Upon booting to operating system (OS) 14, operating system 14 verifies the trustworthiness of platform 20 by comparing the values in the boot PCRs 48a with precalculated values known to operating system 14. If the values match, operating system 14 is assured that the boot was measured as expected and that the platform is trusted. If the values do not match, operating system 14 is alerted to a possible breach and can take measures to reestablish trust.
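The measure-and-extend chain described in the preceding paragraphs, as an added illustration rather than code from the patent or from any TCPA implementation. It assumes the SHA-1 digest of the TCPA 1.x specification (20-byte digests, PCRs reset to all zeros), and the firmware images, stage names and the hypothetical `boot`, `replay_log` and `os_verify` functions are constructed for the example. It shows why a one-byte change to the POST BIOS image, or a reordering of the measured stages, leaves PCR[0] with a value the operating system will not recognize:

```python
import hashlib
import hmac
from typing import List, Tuple

# Assumption: the TCPA 1.x PC specification uses SHA-1, so digests and PCRs
# are 20 bytes and every PCR starts at all-zeros after a platform reset.
PCR_SIZE = 20
INITIAL_PCR = b"\x00" * PCR_SIZE

# Constructed stand-ins for the firmware images of FIG. 1; real images are
# the raw bytes of the corresponding flash regions.
CRTM_IMAGE = b"CRTM 52: platform init + measurement code (constructed)"
POST_BIOS_IMAGE = b"POST BIOS 36: device init and boot sequence (constructed)"
FIRMWARE_IMAGE = b"embedded firmware 38 bound to motherboard 30 (constructed)"

# Golden boot sequence recorded in PCR[0]: CRTM, POST BIOS, motherboard firmware.
GOLDEN_STAGES: List[Tuple[str, bytes]] = [
    ("CRTM 52", CRTM_IMAGE),
    ("POST BIOS 36", POST_BIOS_IMAGE),
    ("firmware 38", FIRMWARE_IMAGE),
]

# The same sequence with one byte appended to the POST BIOS image, standing in
# for a tampered or corrupted flash region outside the TBB.
TAMPERED_STAGES: List[Tuple[str, bytes]] = [
    ("CRTM 52", CRTM_IMAGE),
    ("POST BIOS 36", POST_BIOS_IMAGE + b"\x90"),
    ("firmware 38", FIRMWARE_IMAGE),
]


def measure(entity: bytes) -> bytes:
    """Measure an entity: hash its code to a fixed-size digest."""
    return hashlib.sha1(entity).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || digest).

    The TPM exposes no operation that sets a PCR to a chosen value, so a
    PCR's final value commits to every digest extended into it and to the
    order in which they were extended.
    """
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be %d bytes" % PCR_SIZE)
    return hashlib.sha1(pcr + digest).digest()


def boot(stages: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, str]]]:
    """Simulate the pre-boot chain of trust for PCR[0].

    Each stage is measured before it receives control, as CRTM 52 measures
    POST BIOS 36 and POST BIOS 36 measures what follows it. Returns the
    final PCR[0] and the event log (stage name, hex digest) that the
    firmware hands to the operating system.
    """
    pcr0 = INITIAL_PCR
    event_log: List[Tuple[str, str]] = []
    for name, image in stages:
        digest = measure(image)
        pcr0 = extend(pcr0, digest)
        event_log.append((name, digest.hex()))
    return pcr0, event_log


def replay_log(event_log: List[Tuple[str, str]]) -> bytes:
    """Recompute PCR[0] from the event log alone.

    A verifier replays the log and compares the result with the PCR the TPM
    actually holds; a log that does not reproduce the PCR has been altered.
    """
    pcr0 = INITIAL_PCR
    for _, digest_hex in event_log:
        pcr0 = extend(pcr0, bytes.fromhex(digest_hex))
    return pcr0


def os_verify(actual_pcr0: bytes, expected_pcr0: bytes) -> bool:
    """The operating system's check: compare the boot PCR with the
    precalculated value it knows, in constant time."""
    return hmac.compare_digest(actual_pcr0, expected_pcr0)


# The precalculated value operating system 14 would be provisioned with.
EXPECTED_PCR0, GOLDEN_LOG = boot(GOLDEN_STAGES)


if __name__ == "__main__":
    for label, stages in (("golden", GOLDEN_STAGES), ("tampered", TAMPERED_STAGES)):
        pcr0, event_log = boot(stages)
        verdict = "trusted" if os_verify(pcr0, EXPECTED_PCR0) else "possible breach"
        print("%-8s PCR[0]=%s -> %s" % (label, pcr0.hex(), verdict))
        for name, digest_hex in event_log:
            print("         %-13s %s" % (name, digest_hex))
    print("golden log replays to PCR[0]:", replay_log(GOLDEN_LOG) == EXPECTED_PCR0)
```

Note that the check only tells the operating system that the measured images are the ones it expected; it says nothing about images that were never measured, which is why the specification requires each stage to measure the next before transferring control, and why the measurement must start in the CRTM, the one component the manufacturer alone controls.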
As stated above, CRTM 52 performs a measurement of POST BIOS 36. Measuring code means hashing the entire image, which is computationally intensive and takes a significant amount of time. Since CRTM 52 is embedded within boot block code 50 in TCPA computing system 100, and the TCPA specification requires CRTM 52 to measure POST BIOS 36 before transferring control to it, the time to boot such a system is increased.
Users have become accustomed to the fast boot times that current computer systems offer. However, including CRTM 52 within boot block code 50 in a TCPA computing system 100 increases the boot time, possibly causing annoyance to the user.
Therefore, there is a need in the art to reduce the boot time of a Trusted Computing Platform Alliance (TCPA) based computing system when the Core Root of Trust for Measurement (CRTM) is incorporated within the boot block code.